Posted by timothy on Monday January 08, 2001 @06:59PM
from the revision-control dept.

A hefty handful of updates for you in tonight's Slashback, including: more information on how to make your plastic fish talk; more on the sounds-too-good-to-be-true Delux DVD player; and things that hopefully do not go boom in the woods. Also, shedding some more light on the Sun E10K review we ran a few days ago.

Make that fish say what you want it to say!
vonmar writes: "Full details of the Boogie Bass Hack are now available, including schematics, sourcecode, and documentation. All the information should be there now for anyone with a soldering iron to make the Bass do their bidding!"

North Carolinians (Carolingians?) can sleep relatively easy though: according to the article, when a pair of hydrogen bombs went down with the plane which was carrying them, "Safety mechanisms designed to prevent unintended or unauthorized detonation served their function, and a historic nuclear catastrophe was averted. But published sources disagree on how close the people of Wayne County came to suffering fiery annihilation." Please don't retrieve this, anyone.

Not so deluxe after all ... bluephone writes: "Well, it's been a while since the news of the Dulux DVD player hit Slashdot, and my question for my fellow /. inmates is can anyone post some FIRST HAND information about it? No more marketroid tripe, I'm talking about someone who ordered it, received it, played with it, etc. Was the company responsive? Did you actually get it? Is the playback quality good? Are the features promised actually there and functional? Currently, they claim to be out of stock, and will have more on the 15th of January, which could mean they've folded shop and run with the money, or that they sold like hotcakes. I want to know which it really is. A quick Google search revealed no actual post-testing reviews."

Adam Alexander writes: "Late in November, I read the ask slashdot article about the Dulux DVD/MP3/Game player and followed the link (http://www.gamedvdplayer.com) to purchase the item. I paid with PayPal (extremely hard to get a refund) and it turns out that I have never received the item, and although the company's web site is still up, they do not return phone calls or emails. I have set up a web site (http://oreo.donet.com/duluxhelp) for discussion between Dulux customers in order to trade information about (for example) ways to contact the company or success in getting refunds. I have a feeling that there may be many more Slashdot readers in the same position and I would like all of us to benefit from each other's experiences."

Well said. Who else can contribute words of wisdom (or chagrin) about what so far appears to be a non-deluxe player?

And now this newsflash with news ... on Flash!
Peter Santangeli of Macromedia sent this email to the bugtraq mailing list, good reading for anyone interested in the Flash insecurity reported earlier.

As was posted earlier to BUGTRAQ, an issue has been discovered with the Macromedia Flash Player that shows a possible buffer overflow error when the player encounters a maliciously or incorrectly created SWF file. After an investigation, and consultation with the reporting engineer, Macromedia has determined the following:

The data being accessed is located entirely in a dynamically allocated structure in the heap space of the application.

The data access is limited to reading the information. At no time is the buffer in question ever written to. Neither the heap, nor the stack is written to during this processing, and at no time does this lead to the execution of arbitrary data as native instructions.

Given the above information, it is Macromedia's belief that the error in question, though unfortunate, does not constitute a significant security risk. The effects of this defect are limited to the crashing of the user's client (denial of service).

On a personal note, I regret that the actual bug report did not reach the appropriate people at Macromedia in a timely manner. We do take security very seriously in the development of our products, and are looking into mechanisms to ensure that this does not happen again. For a starter, we will be instituting a new email address by which these reports can be directly sent to the appropriate engineers.
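The failure mode the email describes, a parser reading past a heap buffer because a malformed file declares more data than it holds, is prevented by checking every declared length against the bytes that remain. The C example below is an added illustration, not Macromedia's code and not part of the original post; it assumes the publicly documented SWF tag record header layout, starts at the first tag (the file header is skipped), and uses constructed sample bytes, since the email does not say which field triggered the over-read.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed sample: tag code 9 with a 3-byte body, then an End tag (code 0). */
static const uint8_t SAMPLE_OK[] = { 0x43, 0x02, 0x11, 0x22, 0x33, 0x00, 0x00 };

/* Constructed sample: long header for code 9 declaring a 65536-byte body,
 * while only 3 body bytes are actually present. */
static const uint8_t SAMPLE_BAD[] = { 0x7f, 0x02, 0x00, 0x00, 0x01, 0x00,
                                      0x11, 0x22, 0x33 };

/* Little-endian readers; the caller guarantees the bytes exist. */
static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }

static uint32_t rd32(const uint8_t *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/*
 * Walk tag records in buf[0..len). Each record starts with a 16-bit header:
 * upper 10 bits = tag code, lower 6 bits = body length, where 0x3f means a
 * 32-bit body length follows. Returns the number of tags seen (End tag
 * included) or -1 if any header or body would extend past the buffer.
 */
int walk_tags(const uint8_t *buf, size_t len)
{
    size_t off = 0;   /* invariant: off <= len, so len - off never underflows */
    int count = 0;

    for (;;) {
        if (len - off < 2)
            return -1;                 /* no room for a short header */
        uint16_t hdr = rd16(buf + off);
        off += 2;
        unsigned code = hdr >> 6;
        uint32_t body = hdr & 0x3f;

        if (body == 0x3f) {
            if (len - off < 4)
                return -1;             /* no room for the long length field */
            body = rd32(buf + off);
            off += 4;
        }

        /* Compare against the bytes remaining. Writing this as
         * off + body <= len can wrap where size_t is 32 bits. Without this
         * check the next header read lands outside the allocation: a
         * read-only fault of the kind the email reports as a crash. */
        if (body > len - off)
            return -1;

        off += body;
        count++;
        if (code == 0)
            return count;              /* End tag reached */
    }
}

int main(void)
{
    /* Copy each sample into an exactly sized heap buffer, matching the
     * dynamically allocated structure mentioned in the email. */
    const struct { const char *name; const uint8_t *data; size_t len; } cases[] = {
        { "well-formed", SAMPLE_OK,  sizeof SAMPLE_OK  },
        { "oversized",   SAMPLE_BAD, sizeof SAMPLE_BAD },
    };

    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++) {
        uint8_t *heap = malloc(cases[i].len);
        if (heap == NULL)
            return 1;
        memcpy(heap, cases[i].data, cases[i].len);
        printf("%s: walk_tags = %d\n", cases[i].name,
               walk_tags(heap, cases[i].len));
        free(heap);
    }
    return 0;
}
```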

Credit where credit is due.
Josh McCormick, who wrote this review on epinions.com of the heftily-priced Sun E10K server, was offered a call from Philip Ferreira, editor of Reviewboard Magazine, to discuss "what happened" with McCormick's review when a very similar review not crediting McCormick ran on the Reviewboard site, and was linked to by Slashdot (since removed, for reasons partly explained in this post from chabotc of Reviewboard). That message and the threads it spawned make clear what a big mess this was. Thanks to Josh for sticking up for his work. Here's his response to Reviewboard:

Phillip,

Considering the wild and numerous stories that were given to explain what has happened, you'll forgive me if I don't want to hear one more. I view the credibility of any explanation I would get as approaching zero.

Further, I pretty much already have what I wanted out of all of this. The article removed from your site (although it is still on the chabotc.com site), and recognition that I was the original author. There isn't much more that I can gain from having a conversation.

What I gained from this was an interesting story to share with my friends, and a better appreciation for what it takes to "prove" something online.

There's a reason the makers of Delux don't have their own merchant account with visa/MC/Amex/etc. IT'S BECAUSE THEY'RE SHADY PEOPLE who couldn't qualify for a merchant account. Might as well buy it from ebay. Might as well put a post it note on your credit card with name address and item desired and "ship this item or pass this on to someone else" and hope your item arrives.

When bidding on ebay, I always restrict item searches to stuff within driving distance. Then if I win the auction, I do the final transaction in person... or not at all, if they refuse, because only a con man will refuse to deal in person.

You wanna buy from anonymous? It might work, but you will get ripped off from time to time.

/* The H-bombs jettisoned as the plane descended, one bomb parachuting to earth intact, the other striking a farmer's field at high speed -- "probably mach 1" (about 760 miles per hour) speculates one retired Air Force Colonel.
*/

umm what is terminal velocity again?

Seem to remember it was a bit slower than 760 mph.

When something is "ejected" it should not start up a thrust and propel itself along.

Would it be possible for a 3rd party company like paypal to hold funds in escrow till the product is actually shipped & received? (verified by shipping company tracking number?)
Might be an added bit of complexity but I am sure it would go a long way towards boosting online sales to the timid.
-C

My favorite missing h-bomb story was that of the US bombs lost in Palomares, Spain, in 1965; the story is well told in Flora Lewis' account, One of our h-bombs is missing. It's out of print, but your local library probably has a copy. If not, it's available at alibris.com, and probably at other online used bookstores. I found it at Powells.

One thing that might help a bit is to pgp sign your messages, or even use a timestamping service [itconsult.co.uk] but I don't know of any way to prevent someone from backdating their copy of your work to circumvent copyright, or even claim that they authored it. I'm reminded of a passage in one of the Hitchhiker's Guide to the Galaxy books where the Guide blatantly ripped some info off the side of a cereal box, then sent the article (about how really big space is) back in time, and sued the cereal company for copyright infringement!

I had the pleasure of visiting at length with ESR at the last Worldcon (Chicon 2000 [chicon.org], for those of you who missed it). He is one of the most polite and gentle people I have met. (And one of the most opinionated, who appears to have made clearly-thought and researched choices.)
I liked him.

Hmm, some dodgy pen and pencil maths works out that with zero air resistance, dropping from 40,000 feet, with zero initial vertical velocity (horizontal velocity can be roughly ignored) then the speed of impact would still only be about 550 mph.

Of course, it's ten years since I left school, so I've forgotten how to do elementary mechanics.

As an active observer of that whole mess (and a sometime participant), I must disagree.

While he did seem pretty pissed about the whole thing -- and who can blame him? -- Josh really conducted himself well. He stuck to the facts and did very little name calling. A few other slashdotters did drop to Redir's level, but flames beget flames.

The fascinating last piece of this story, that almost everyone missed, can be found here [slashdot.org]. That's where Redir, posting as an AC, comes clean and grows up a bit.

The episode was one of the most interesting things that I have ever seen on the web. If I ever again hear anyone say that "You can't trust what you read on the web," I'll have a pretty interesting story to tell about how that can be a self-correcting problem in a forum like Slashdot.

It might have been a little ugly, but it was nothing compared to redir's remarks. Josh McCormick considered himself extremely wronged, and redir considered his friend (and website) wronged, yet redir resorted to words such as "lewser" while Josh McCormick managed to get out complete sentences. I can't imagine how mad I'd be if an article I wrote got linked to the front page of Slashdot but was attributed to someone else, and then people wouldn't believe me. I think he did pretty well, considering.

Is he assuming that since the vulnerable buffer was malloc'd from heap, an attacker can't predict a jump address for any particular byte in the buffer?

Actually that should be enough to stop most attacks. Being in the heap means he could trash things higher (or lower, depending on your perspective) on the heap. Overwriting everything in memory down to the stack...and to the correct jump address on the stack... would be EXTREMELY difficult and wouldn't be portable across different versions of symbolic libraries, for instance (which might shift the heap -- and even a few bytes would do).

A quick deja.com [deja.com] search is pretty ugly regarding the Dulux DVD player. Most of the users' stories are similar to Adam's: delays, no response and no refunds. The one user [deja.com] did get his, but due to the problems it has, is shipping it back. (Follow the rest of the thread [deja.com] for more info)

I have seen this DVD player for sale for months now under the respected Shinco brand. Shinco is a famous maker of low-cost Chinese DVD players. These of course get rebadged and sold under other names elsewhere using exactly the same circuitry (Sampo, Apex, etc.) just with different casing.
If you want a reliable place to buy this and other cool products you can go to a reputable dealer like http://www.goldenshop.com.hk/ or http://www.lik-sang.com/
Check out AI trading (the goldenshop URL) they have many cool nifty items for sale like portable MP3 CD-ROM players, etc. Asia really is the coolest place to find electronics because asshole groups like the RIAA/MPAA don't have as much power there.
AI Trading has all sorts of console game accessories that really kick ass.:-) Like light guns with sliding action that look like actual guns not toys.:-)
Welcome to the wonderful world of Chinese electronics!

They've changed a few sentences here and there, but it is pretty much all the information, in the same order, from the original article.
http://www.reviewboard.com/Section/Cover/E10k [reviewboard.com]
such blatant thievery, I truly hope everyone will boycott this shady, fly by night organization, they do NOT deserve your hits.

They've pulled the article, after talking to the folks at reviewboard, they have agreed to pull the warmed over 50% changed article (and already have). They've also agreed to issue an apology to Josh (we'll see if they do.)
so, maybe, just maybe, there's someone there with some morals who'll do the "right thing."

...is that editor Philip Ferreira (Slashdot user 258299 "redir") repeatedly attempted to defend his website (claiming no wrong-doing) as if he was an unconnected 3rd party. I don't think there was ever a point where he admitted his identity even after a number of us posted concrete evidence in the form of reviewboard.com's WHOIS record and searches on Slashdot itself for his past postings. AND he was the one that submitted the story in the first place!

Josh's outrage was more than justified and I think he handled the whole situation famously considering all the facts of the case.

Hey moron, even if what you say is true it's illegal. Regardless of the original source, Chris put his name on content that was not his. You've stated this over and over yourself. You would have saved your multiple personalities a lot of trouble if you had just credited the freelancer (read: other surfacing personality) that submitted the story to "Chris". But since that "person" was most likely you anyway there's not much point in continuing this garbage.

I hope one of the voices in your head beats you even more senseless than you already are.

Phil Ferreira's behaviour on Slashdot and at ReviewBoard was much, much worse. Insulting the real author, changing the story in question to fit his own version of the facts, attacking anyone who came up with proof of his own bad behaviour...wow. I found my jaw dropping as I read further down the thread and it became pretty clear the whole thing was blowing up in ReviewBoard's collective face.

I wrote the Houston BBB. They, in near real-time, wrote back. Here is an excerpt from their email:

The media's very interested in the story but we need a local victim. Any ideas? If you can let people know that we do share info with the Attorney General and the DA but we need the complaints filed with us on our online complaint form.

They encourage anyone that has a complaint to file a complaint using their web form. If you live in or around Houston and have ordered but not received products, by all means email them ASAP. You can also contact Stacey Allen at the BBB at her direct tx number: 713-341-6165.

Supersonic free fall, eh? Could it be a case of the free faller attaining a subsonic speed in the high atmosphere (where the speed of sound is high?) that turns out to be supersonic at lower altitudes (where the SoS is lower)?

Ie, the barrier slowing down to be passed by the objects' speed, rather than the other way around...

I wonder to what extent it is possible to fall faster than mach at all. Regardless of streamlining, I expect that the sonic boom pressure wave would keep you from ever reaching mach 1. However, you might be able to come close if you are extremely streamlined.

I got an ad for the Dulux, sent to an old spamtrap address. Looks like more proof (as if any were needed) that if you have to spam to advertise your "product", it's probably garbage and/or totally bogus.

While sales tax is not as much of a problem here, I still look at stores. The steps which I labeled were not necessarily in order, nor all necessary for every purchase (insert no ops where necessary). The point I was trying to make was: find a product you are interested in, do the research, comparison shop a little, then purchase from someone you trust.

I believe that the concept of "retail" pricing for electronics is headed out. Buy.com is just what it says it is, it's a superstore. Yes, their pricing is low on every item, but pay attention to sales sheets in the Sunday paper and you can achieve the same thing.

I'm with you 100% on PayPal... that just sounds like "Checks Cashed Here: NO ID Required!"

As others have said, the US Postal Service and the Effa Bee Eye are good places to complain.

Also contact your state's attorney general -- there should be contact/fraud information available on a link from your state government's web site.

From a run-in with a deadbeat on eBay I know that most state laws ignore any incomplete transaction below $25. On the other hand if your transaction exceeds $25 then the Feds, the Post Office, their nearest relatives, and a fellow named Guido from across town will all step in to help you. Interstate fraud is a Phe-lo-nee with a capital PH.:)

Dude... Nukes are hard to set off because you have to increase the density of the 'material to several times its normal, at rest density. to make this happen requires a great deal of timing expertise, because jets of plasma are relatively easy to create, compared to a compression wave...
The real trip is, pound for pound, the energy in a hydrogen bomb comes from the non-fissionable u238. (see richard rhodes, the making of the hydrogen bomb.)

I've driven past the Chimney Rock Rd and Woodway intersection while experimenting with ways to get home from work. According to Mapblast, they are not too far west of that spot [http].

I can stop by sometime during the next couple weeks and take a look. Email me at xmas00 at hellgate dot homeip dot net. I may have messed up the qmail services running while experimenting with httpd yesterday so don't be alarmed if the email doesn't go through till sometime this weekend.

Hi, I hate to say this, but everything that could go wrong did go wrong with the Dulux DVD story. First of all, the original /. story was interesting, and I think it definitely had a place here. But with so many red flags thrown up, I think anyone who ordered one got what they deserved. If a company has the know-how to build a DVD player, or even the know-how to import one and sell it in the US, then they should have a fully functional e-commerce site. It is not that difficult. I could not even begin to build a DVD player with all of those "amazing" features, and I can't code worth a lick, but I manage to successfully run an honest-to-goodness e-commerce site I built from scratch! (http://www.raretshirts.com)
I accept Visa/MC/Amex/Discover, and anyone who purchases from me is covered by the same protection as if buying at their local retailer. It's just not that hard to put something professional together in the 21st century. A site that accepts PayPal as their main form of payment is either a. A Fraud or B. A person who doesn't take what they do seriously, and neither should you. For example, gooddealgames.com, of which there was recent news from because they are producing two new games for the old Sega CD system, accepts PayPal as their main payment service. I was ready to order from them until I saw that. You are telling me you can put into production/finish coding two 10 year old Sega CD games, but can't add a shopping cart to your site? But, I should have known when I visit their crappy site and loud, annoying MIDI fires up. C'mon guys!

I can tell you from personal experience that the U.S. Mail form, though slow, does get results. A woman who sent me a hot check for an eBay refund coughed up a money order pronto after they contacted her.

And speaking of fraud, check out this [ecomplaints.com] to see why I'll never buy anything at NTB (National Tire & Battery) Ever Again...

Almost every time I've ordered online, the merchant has had places to fill out a billing and shipping address separately. Fill in your credit card's address in shipping and they could care less what goes in billing. I frequently order stuff to be delivered in Austin, and my card has a San Antonio address, 2 separate cities, but I've never run into this problem.

I have to say I'm very impressed by Macromedia's response to this. Peter Santangeli sounds very sincere when he says his company is going to find a way to prevent such long delays in fixing a bug.

I think that some companies [slashdot.org] spend more energy on trying to put a positive spin on glitches in their software than correcting the actual problem. To hear this kind of honesty from such a large company is very refreshing.

I'll have a pretty interesting story to tell about how that can be a self-correcting problem in a forum like Slashdot.

Self-correction in a public forum only works if the participants are both well informed and relatively homogenous (in /.'s case, we're all geeks here). In the more general case, it favors urban legendry. In the most general case (TV), it favors stupidity.

Think about what happens when you get credited with something bad that you didn't write. How do you prove a negative? That has happened to many of us on usenet, and often the only way to beat it is to both browbeat the accusers and demonstrate that someone else posted it. If you can't do both, you're TSOL.

And don't be dependent on deja or google - those are just temporary solutions which will go away "soon."

Here's a theory: Geeks are more aggressive mentally because they are unable or unwilling to be aggressive physically, so they are aggressive verbally (with no worry about retribution or consequences) and this has ABSOLUTELY NOTHING to do with the number of articles on /. which touch on violent subject matter.

constant association between geekdom and violence

What are you smoking? If there is ONE THING geeks do NOT have a reputation for, it is violence.

Look at the way they flame as AC's on this site

And you are claiming this is a direct result of the violence content of articles on Slashdot??? That's the most ridiculous thing I've read all day. Socially immature individuals make moronic flame posts all over the internet every day. And guess what? I'm glad the internet is a place where they are free to do so, just as I am glad that Slashdot is free to post stories about anything the posters (who are quite certainly geeks, would you not say?) find interesting.

"I disapprove of what you say, but I will defend to the death your right to say it."
- Evelyn Beatrice Hall, paraphrasing Voltaire

The Houston branch of the Better Business Bureau is having a special meeting on Thursday, January 11th about Dulux. They have asked that any and all victims fill out their complaint form at http://www.bbbhou.org/complain.htm [bbbhou.org] to submit their information. This information will help them as they decide how to proceed with this matter.

Our society is to some degree violent. This is reflected in the media. Geeks, as members of this society, are also going to have picked up some of this violence. However, I don't feel as if 'geeks' and 'nerds' are any more violent than any other group. As an athlete, a nerd, and a human being, I can attest that the violently minded exist in most groups, just as those with more pacifistic views can be found in most associations. Saying that a social trait is unique to a particular group is dangerous.

Also, I fail to see the connection between posting news of an abandoned nuclear weapon and a predilection towards violent thoughts in nerds. Yes, nuclear weapons are incredibly violent. However, the story is not based upon a fascination with these devices, but on the dangerous situation created when one was lost.

... that the E10K-review-ripoff story appeared in my browser under a banner ad for The Perl Journal (in view of the uncertain future of THAT formerly-reliable-and-enjoyable source of real information).

Read Tom Clancy's "The Sum of All Fears". It's a story about almost exactly this - a lost nuclear device from a plane crash in the 60's (this time in Israel, not Carolina), which was recovered by terrorists, who used the plutonium to make a small nuclear device, smuggle it inside the US, and blow up Mile High Stadium during the Super Bowl.:-)

This is quite scary (R.L., not necessarily the Clancy book). I wouldn't be surprised if a nuclear terrorist incident happens in the next few years.

Just as long as the terrorists don't actually pick Mile High Stadium in Denver - the Broncos already have enough excuses why they can't win a Super Bowl...

It is not as if they fell from a motionless aircraft. The plane was probably doing near the speed of sound when they accidentally jettisoned the bombs and probably their careers. So in this case terminal velocity got a big boost from some rather large jet engines.

North Carolinians (Carolingians?) can sleep relatively easy though: according to the article, when a pair of hydrogen bombs went down with the plane which was carrying them, "Safety mechanisms designed to prevent unintended or unauthorized detonation served their function, and a historic nuclear catastrophe was averted. But published sources disagree on how close the people of Wayne County came to suffering fiery annihilation." Please don't retrieve this, anyone.

I would retrieve this for bragging rights alone.

In seriousness, what's with the fear mongering on /. these days? To be fully specific just to this story, let me point this out: nukes are not easy to blow. They aren't contact explosives! If you drop an unarmed H-bomb on the ground, it doesn't default to "kaboom!" - there are more components in the bomb than just tritium, and their path to lowest chemical rest energy is *not* "configure into the peculiar grouping necessary for high-yield nuclear chain reaction"!

I mean, we didn't send our best physicists to Los Alamos for 2 years because this stuff is easy!! I mean, sure, nowadays anyone with some high-grade plutonium can threaten "the free world", but that's not because accidental explosion is a high risk. To couch it in simpler terms, if you find yourself in a room with a nuclear explosive, shaking it will not guarantee its detonation, no matter what Hollywood told you.

I too was duped and purchased a player. Absolutely No response from the company, no player and no refund.
Is there any kind of class action type thing that could be done here?
I hope we don't see more of this in the future as I enjoyed purchasing things online.
If anyone finds out how to actually talk to someone at Game DVD PLEASE let the rest of us know.
Thanks

Well happy you. I'm a 15 year-old /. kid and I haven't got a story posted at all. I've got some good karma and a tendency for getting good moderation, but for some reason they just won't post a thing I place... and they won't tell me why either! (No, THIS isn't off-topic either, it's in response to a prior comment and follows the right context).
To make this insightful: They really should throw in a line to rejected comments saying "rejected because we have too many stories" or something like that so at least we know... I sent that to Malda, but I just got back a reply consisting of my message with little >'s to the left:(

After this episode of Slashback went up, I received a mail from the Houston BBB:
We're looking for people who have had problems with Delux Electronics, Dulux
Electronics, and/or E Commerce here in Houston, TX.
Regards,
Stacey Allen
Houston Better Business Bureau
Direct number 713.341.6165
Better Business Bureau
5225 Katy Freeway #500
Houston, TX
Fax 713.867.4947
Houston is the home of Dulux, according to their site. Looks like they're not so Dulux after all...

Ah, and if the bomb in question is essentially irretrievable and can no longer explode, does it still "Matter"? The USG spent months in a major effort trying to retrieve the fissile materiel lost in the accident. From what I remember from reading a report on the accident (supplemented by a quick search using google), on Jan 29th 1961 a B52 carrying a number of H-bombs crashed. While over water/swamp & before the bomber itself crashed the bombs were released (unarmed) to avoid having the conventional explosives cook off (& scatter the fissiles) within the airframe during a post-crash fire.

While most of the bombs were recovered intact, one bomb fell into a swamp and its core separated from the rest of the bomb. A hole 50 ft deep and over 3 acres in area were excavated to look for the core. Over 4 million cu. ft. of earth were removed before the search was abandoned.

Anyone trying to recover the core would have to mount an operation even larger than that performed in the 1960's. You can be sure that any operation of this type in the area will bring out the black helicopters X-Files fans are so fond of...

I don't like that bomb story one bit. "Unarmed" is a frequently used adjective in military press releases describing broken-arrow incidents.
A table beginning on page 65 of SIPRI's 1977 Yearbook presents summary information on 32 such incidents.:-)

because most nerds like to explore the possibilities of what might happen, or what might have happened. it would have been quite interesting, had the nuke been found and detonated by, say, a terrorist organization. not necessarily good, but interesting.

it really has nothing to do with violence. if a /.er (trolls excluded) went and retrieved the nuke, it's not like they would detonate it. it would most likely be disassembled, and pictures of it would go on the web.

most geeks are quite mind-centric, vs. body-centric; just look at cowboyneal.

I'm sorry, I have to post this rant with hopes that someone who knows will see it. Philip Ferreira ripped me off on a SCSI card last year. I sent him a cashiers check and he claimed to send the card 3 times. Just a bit of character evidence.;) I was given tracking numbers going to different states and he got $260 and got to resell or keep a 2940U2W. Only bad ebay experience I've ever had. Very bitter, hope review board dies out.;)
Lee

I understand where you're coming from on the violence thing, but I think the H-bomb thing is a poor example. That story does not appeal to someone with deep urges to kill so much as those anti-government sentiments that crop up here so much. Most slashdotters are convinced the government wants to fuck them over, taking away their rights and lacking regard for safety (or too much regard for safety, take your pick).

Note - I work in the defense industry so obviously I don't feel strongly enough about that. But many do.

Now if ESR had editorial control of slashdot, THEN you'd see some more violent stuff. He's quite into guns...

But most geeks, I think, are quite nonviolent - both 'inside' and 'out'. But that's just my opinion; I could be wrong.

didn't mean it that way. I know an interest/expertise in guns does not translate to a violent nature or unlikeable person or anything like that. I was talking more specifically about ESR. That whole "geeks with guns" slogan, and the way he brings it up often about how guns are essential to our freedoms.

I've ordered a few items from Lik-Sang, and had nothing but good experiences from them. Hell, my Doctor GB Card was ordered on a Thursday and arrived the following Monday. Not bad for reasonably-priced international shipping.

I do MOST of my shopping on the Internet now, but I'm not NEARLY as anal about it as you are. I have a set idea in my mind (sub-consciously, most of the time) on what something should cost. Once it reaches that level, I start bargain-hunting. If I can't find a reasonable deal in a reasonable amount of time, I just buy it at the most convenient place.

I rarely buy anything locally anymore, due to Washington State's oppressive 8.6% sales tax. Shipping usually works out to be cheaper.

Anyway, I only buy at reputable dealers, like Buy.com, or places that have what look to be class-act operations. I don't know about the rest of you, but I've been on the web for a long time, and I can spot a fly-by-night operation from a mile away.

Plus... and this should be obvious... I don't buy CRAP. I'm not going to buy an expensive anything from a company I've never heard of. I don't care if this company is supposed to be the next Microsoft. I'm about as wired as it gets, and if I don't know anything about them, they aren't getting my money. Sony, Panasonic, Dell... big name companies with proven products and decent value. But I rarely pay retail on that stuff. There's always a good deal to be found if you look around.

And dude... the PayPal thing is SO obvious. PayPal is primarily for C2C transactions. BUSINESSES don't transact through PayPal. Anyone that got taken by that scam probably deserved to. They won't get burned like that again, and it makes them a wiser shopper.

For what it was worth, this wasn't the first time I found something I wrote on another site. This happened with another page of mine on arcade game components [gameshop.com]. Things went quite a bit different that time.

A web site in England copied the work. My emails to them were completely ignored, and I was getting absolutely nowhere. It was, yet again, a commercial web. They were selling arcade games, parts, and service. It wasn't worth going all-out to try to do something about a site in a foreign country. Normally, this would have been the end of the story.

Luckily, I wasn't alone. I had posted my article under the Open Content License [opencontent.org], which is a GNUish license for text documents. I explained my problem to them, and they went to bat for me, and actually got the offending site to give in!

If you personally publish information online, and you don't want to see it ripped and commercially exploited, I can easily recommend this method over going it alone.

And going it alone is tough. I can only imagine that, without the help of the Slashdot discussion forum, and its readers, my complaint would have ignored my complaint and the content would have stayed.

/. reader:
Late in November, I read the ask slashdot article about the Dulux DVD/MP3/Game player and followed the link (http://www.gamedvdplayer.com) to purchase the item
...
and it turns out that I have never received the item, and although the company's web site is still up, they do not return phone calls or emails

/back comment:
Well said. Who else can contribute words of wisdom (or chagrin) about what so far appears to be a non-deluxe player?

I'm sorry /. but this sounds a little cheap to me. I hope that the article and this comment make you realize the responsibility that you have today.

People take you seriously, and although those of us who've been around long enough realize this, for some it may be hard to distinguish tween right and wrong.

/. is a great site, but this is a good example of people being (possibly) frauded, believing in the quality of you (/.). I think you should at least be a bit more serious about it than the lame comment you make here.

Be angry. Pull for these guys. You have the power, and you can't let them down now.

> if a /.er (trolls excluded) went and retrieved the nuke, it's not like they would detonate it. it would most likely be disassembled, and pictures of it would go on the web.

Yep. Given what's in the bomb, the slashdotter would most likely be disassembled, chromosome by chromosome, and pictures would wind up on the web... after being scanned in from a medical textbook on dermatological evidence of radiation poisoning.

(Oh, you meant the bomb would be disassembled... sorry;-)

A few keyword searches on "glowing blue vial" or "cobalt" should reveal what happens when people who don't know what they're doing get their hands on stuff like the sources from certain types of X-ray machines. (The short version reads: "GO DARWIN!")

As for the nuke in question, the one good thing about the condition in which it's been maintained (i.e. it hasn't been maintained!), is that it's probably of very little use, even to a terrorist.

Ever since Woz and Jobs built the first Apple in their garage in 1977 (or the TMRC hacked railroads at MIT in the 60s), geek culture has been built on the notion that anyone can have the power to change the world at his fingertips.

Compared to what geeks have accomplished in the past 20 years, a nuke is insignificant by comparison.

I too thought that the game dvd player was too good to be true. Later I spotted a dvd player on another site with identical features yet sporting a different (Shinco 868). It can be found at www.lik-sang.com [lik-sang.com] by clicking on products -> dvd.

I have heard that lik-sang is a real company that does give you what you order, but no personal experience.

Read the article, the airforce 'bought' (I forget the legalese term) a chunk of land 200' around the crash site on the farmer's field. They then told the farmer he could grow stuff, plant trees on it, but is not permitted to dig (forget the exact depth, but it's a couple of feet.)

I strongly suspect that if you went onto that chunk of field with a pick axe, Serious People would make an appearance in short order. I have to imagine someone has a camera/telescope/sat watching that chunk of land pretty carefully.

#1. I hear about a really cool product.
#2. I look for information on the web.
#3. I go to a local electronics store (best buy, circuit city, tweeter, radio shack (sic), other small local ones)
#4. I check the product's existence.
#5. I comparison shop online.
#6. If the internet is substantially cheaper, I purchase it from a reputable source online. If it isn't cheaper at a reputable source online, I pay the store price - At least I have a place to take my product back to in the event that it breaks.
#7. I purchase most major electronics at local stores.

#8. The internet is great for books, music, and pet su-... scratch that last one.

A Netsclusive(TM pending) company should raise some serious flags by now. The internet business model has become more and more questionable. Even top quality advertising, like the Pets.com dog, doesn't mean success. If I have even the slightest question as to how long a company will survive, I check f*ckedcompany.com for any information. If they say the CFO had the stomach flu I avoid business with them.

Note: I got burned by purchasing a computer through QUANTEX online. The computer was cheap, but I've got 2 more years on a 3 year service contract with nobody. The computer works fine, but I now know that I was still hosed.

First, I appreciate the tone of Peter Santangeli's letter. But I'm confused by the content.

> The data access is limited to reading the information. At no time is the buffer in question ever written to.

So the buffer contains whatever it contained when it was allocated? What's the use of that? I'm pretty sure the buffer was written to while parsing the SWF file. The exploit mentioned fields that are prefixed by a length, where the length is used by the parser to determine how much storage to allocate.

> The effects of this defect are limited to the crashing of the users client (denial of service).

I'm quite skeptical of that. Maybe if Peter explained exactly how the buffer overflow causes the crash I could understand his reasons for saying that the bug can't be exploited in other ways. Is he assuming that since the vulnerable buffer was malloc'd from heap, an attacker can't predict a jump address for any particular byte in the buffer?
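
The length-prefixed field pattern this comment refers to, as an added C illustration that is not part of the original comment and is not Macromedia's code or the actual defect: the record layout, `read_field`, `field_len_or_neg` and the sample bytes are all constructed for the example. It shows the one comparison that keeps a declared length from driving a read past the end of the input.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed record layout (not the real SWF format):
 * byte 0 = tag, bytes 1..2 = payload length (little-endian), then payload. */
enum { HDR_LEN = 3 };

/* Copy one field's payload out of buf. Returns a malloc'd copy and sets
 * *out_len, or NULL if the declared length exceeds the bytes present. */
uint8_t *read_field(const uint8_t *buf, size_t buf_len, size_t *out_len)
{
    if (buf == NULL || out_len == NULL || buf_len < HDR_LEN)
        return NULL;                          /* truncated header */

    size_t declared = (size_t)buf[1] | ((size_t)buf[2] << 8);

    /* Without this comparison the memcpy below would read `declared` bytes
     * from buf + HDR_LEN even when the input ends sooner: a read past the
     * end of the input buffer, driven entirely by the file's length field. */
    if (declared > buf_len - HDR_LEN)
        return NULL;

    uint8_t *copy = malloc(declared ? declared : 1);
    if (copy == NULL)
        return NULL;
    memcpy(copy, buf + HDR_LEN, declared);
    *out_len = declared;
    return copy;
}

/* Helper: payload length on success, -1 if the record is rejected. */
long field_len_or_neg(const uint8_t *buf, size_t buf_len)
{
    size_t n = 0;
    uint8_t *p = read_field(buf, buf_len, &n);
    if (p == NULL)
        return -1;
    free(p);
    return (long)n;
}

/* Constructed samples: a well-formed record, and one whose length field
 * claims 65535 bytes although only 4 follow the header. */
static const uint8_t GOOD[]  = { 0x01, 0x04, 0x00, 'd', 'a', 't', 'a' };
static const uint8_t LYING[] = { 0x01, 0xFF, 0xFF, 'd', 'a', 't', 'a' };

int main(void)
{
    printf("good=%ld lying=%ld\n", field_len_or_neg(GOOD, sizeof GOOD),
           field_len_or_neg(LYING, sizeof LYING));
    return 0;
}
```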

After Israel conducted their first successful bomb test they contacted our state department and told us "about that missing plutonium... don't worry, we have it."

The military's response? "What missing plutonium?":

This is frankly what scares me the most. Our own military produced made-to-order terrorist weapons. They're called back-pack adjustable yield nuclear devices. There was a hell of a stink when Germany found out some years ago we had them deployed and ready as part of a 'scorched earth policy' if the Russkies came over the wall. (Back when there were Russkies and a wall.)

Given our military's proven "efficiency" at handling their inventory, I'm just waiting for one to show up in the hands of some middle east terrorist organization.

for a taste of a good oleschool style slashdot relentless slashunt for the truth. I got a kick out of reading the ensuing posts and refreshing the browser only to see the next post / flame whatever. National Enquireresque? Yeah, but tabloid fodder like that is hard to pass up when you see it happening before your eyes and occasionally it makes for a few good banner impressions to boot.

It is funny to see you saying that, after what you posted on the older article.

> I got caught up in the moment here and did something stupid with it, but normally I used it just to make my job easier. What's wrong with that?
What's wrong is that nobody believes you. No one. You are now doing damage control by trying to unlink your 'redir' slashdot account with your real identity. It will not work. You did not offer any sincere apology for your scam. Most of the 'apologies' were posted as an AC.
In my eyes, and for the majority of slashdot readers, you are both Philip Ferreira (your real name) and Chris Chabot (one of your "writer" names), as well as a couple of other slashdot identities. You'll need pretty hard evidence to prove the opposite. And as no one believes anything you post, the case seems to be settled on:
* you own a shitty review site
* provide content by cut-n-pasting from around the net
* and get money by dragging slashdot audience to it

Furthermore,

* you are a total liar
* and quite an aggressive person.
Cheers,
--fred

Every object has a different terminal velocity, depending on its size, shape and mass (a few other factors too). For example, you falling from a plane would have a lower terminal velocity than a bomb falling from the same altitude.

At the risk of (-1, Redundancy) I would think this is definitely Stuff that Matters. If I had a lost 2.4-megaton H-bomb in my backyard, I'd sure like to know about it! It falls into the Nerds category because it's a good example of the dark side of technology.

The Deluxe DVD seems too good to be true, and apparently it is. I am just wondering how easy it is to scam consumers over the internet these days. The Deluxe DVD, Playstation 2 bogus selling sites, etc. I guess if you aren't willing to be the first on the block with something new then you have a lesser chance of getting burned. I have a feeling that these 2 scams are going to open the floodgates for conmen to invade the internet at an even greater pace. Think of the money to be made! (stolen!)

This is precious. Looking at your User Info, I see you're from the British Isles. This is the same place where you have people blowing up buses and launching rockets at police stations and things like that on a regular basis. "Gee, the Protestants are going to march through our neighborhood today! Hey, I know! A little bit of plastique will take care of that!" Yet you have the unmitigated gall to push your way into our country and lecture us on violence?

You crack me up. You probably know fine well that these are Irish Republic terrorist actions.
Last time I checked the map, Ireland was a different country from the UK.

Secondly, where do you think the Irish get their guns from? That's right! Land of the free!

no kidding hey? I found that most 'Jocks' had gentle imaginations too, even from the days of them copying my math tests in grade 8, and the beat down I got when I wouldn't let them. Gentle to say the least...in fact, one could say, almost completely passively absent.

We're aggressive mentally for a reason, so we can hold a conversation. Most women I date appreciate the fact that I show intelligence.

And lastly, don't stereotype. The days of the inch thick glasses, with the pocket protector geek is over. Most of us are normal people, we get rid of aggression in other ways too.

I understand why you don't believe me, even though I came clean completely, you can believe me, or in this case choose not to. I am indeed an aggressive person, but I did say I'm sorry, several times, and I'll say it again because I mean it. As far as anything else goes, I've been a total ass, I know it, and there isn't much else to say about it. It's regrettable that you don't believe me, but you are wrong, shitloads of people emailed the editor with links to the story and now there is a full blown investigation going on at work. He actually said "It could be one of four people, one of you will admit it by the end of the day, or you will all be fired". So it seems I'm not long for my job, you all got your wish because I have to go fess up now or people that are innocent will lose their jobs. I hope you are all satisfied.

Now if ESR had editorial control of slashdot, THEN you'd see some more violent stuff. He's quite into guns...

I know ESR only by reputation, but the stereotype that someone who has an interest in guns, or other methods of physical force, is a violent person doesn't hold.

My graduate school advisor was a firearms enthusiast, a champion rifle competitor, and the moderator of rec.guns. He was also one of the most popular CS professors on campus, known for his good humor.

Or to consider my own self...I am a gun owner and a karate nidan (second degree black belt). I've had at least some training in firearms, empty handed combat, knives, sticks, firearms, and swords. If it can kill, injure, or maim, I probably know something about it. Yet despite my fiery and outspoken political views, I am in my day-to-day life a very non-violent person; the only times I've even come close to using any of this training are a few incidents where I stepped in to stop violence being directed against others.

There are two motivations for a serious study of violence: to use it, or to stop it.